Futex Posted April 27, 2018 Share Posted April 27, 2018 Hi all, I wanted to execute a fonction on a loaded assembly, my code run well on a normal assembly, but it's failed when i try it on a obfuscated one (rdg packer says .net crypter) I list the string inside the binary like this: try { Assembly asm = Assembly.LoadFrom(executable); foreach (Type type in asm.GetTypes()) { foreach (MethodInfo method in type.GetMethods()) { if (method.MetadataToken == testToken) { Type t = asm.GetType(type.FullName); var methodInfoStatic = t.GetMethod(method.Name); if (methodInfoStatic == null) { throw new Exception("No such static method exists."); } object[] constructorParameters = new object[0]; var o = Activator.CreateInstance(t, constructorParameters); object[] parameters = new object[2]; parameters[0] = 124; parameters[1] = "Some text."; methodInfoStatic.Invoke(o, parameters); } } } } catch (ReflectionTypeLoadException e) { throw new Exception(string.Format("Failed to load type due to the following:{0}{1}{0}", Environment.NewLine, string.Join(Environment.NewLine, e.LoaderExceptions.Select(le => le.ToString()).ToArray()))); } catch (Exception ex) { if (ex.Source != null) Console.WriteLine("DecryptString IOException source: {0}", ex.Message); } When i launch it on the obfuscated assembly i have these type of error on the line foreach (Type type in asm.GetTypes()); Main IOException source: Failed to load type due to the following: System.TypeLoadException: Could not load type 'cd1f1ff1-32e7-42a3-b836-f97c7529b0e7' from assembly 'DSKUY1SYB8EWZF4Z73LSC112J0BO92TISHQ8Y3T1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null'. System.TypeLoadException: Could not load type '9265c019-154b-42b8-a817-e4687366c95d' from assembly 'DSKUY1SYB8EWZF4Z73LSC112J0BO92TISHQ8Y3T1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null'. A lot of same type functions Example of some of the functions using System; // Token: 0x02000044 RID: 68 internal class 9265c019-154b-42b8-a817-e4687366c95d : 9265c019-154b-42b8-a817-e4687366c95d { } using System; // Token: 0x02000043 RID: 67 internal class cd1f1ff1-32e7-42a3-b836-f97c7529b0e7 : cd1f1ff1-32e7-42a3-b836-f97c7529b0e7 { } Any idea how to correct that? Thank you Link to comment
YuqseLx Posted April 27, 2018 Share Posted April 27, 2018 I think you need to first call cctor and decrypt resources and load decrypted linked resource file. Is it confuserex? Link to comment
Futex Posted April 28, 2018 Author Share Posted April 28, 2018 It's not confuser, rdg packer say .net crypter. I think it's just a generic crypter There is no cctor in this binary, but there is a resource. Do you have an example of how to do it (for the resource and cctor for my curiosity)? Link to comment
YuqseLx Posted April 29, 2018 Share Posted April 29, 2018 Rdg says not important can you upload sample ? Or give from PM? Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now